httpd-users mailing list archives

From "Bremser, Kurt (AMOS Austria GmbH)" <>
Subject AW: [users@httpd] Change user for Apache web server to a non-privileged user? [wd-vc]
Date Wed, 14 Sep 2016 12:26:31 GMT
Looks like http-web is missing read/execute permissions on your DocumentRoot directory.

Kurt Bremser
AMOS Austria

Newton was wrong. There is no gravity. The Earth sucks.
From: Tom Hammond
Sent: Wednesday, 14 September 2016 14:16
Subject: [users@httpd] Change user for Apache web server to a non-privileged user? [wd-vc]

Hello everyone,

I have an Apache 2.2x server and would like to harden security so that hackers can't get in
easily to the Apache webserver.  One suggestion is to change the user/group for Apache to
a non-privileged account.

Currently the user "fpp" is the default user for Apache which has access to the operating
system via sudo commands.

I entered these commands to create a non-privileged account:
sudo groupadd http-web
sudo useradd -d /opt/fpp/www/ -g http-web http-web

I then edited /etc/apache2/envvars to change these lines:
export APACHE_RUN_USER=http-web
export APACHE_RUN_GROUP=http-web

I also ran this command to change user/group permissions on this folder:
sudo chown -R http-web:http-web /var/lock/apache2/
sudo chown -R http-web:http-web /opt/fpp/www

Finally, I restarted the Apache service with this command:
sudo service apache2 restart

When I try to access the website on this server, I receive the following message:

Forbidden: You don't have permission to access / on this server.

I've been scouring the Internet trying to figure out how to switch the default "fpp" Apache
user to a non-privileged account and can't figure it out. Can someone shed some light on this?
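
One way to test the diagnosis in the reply above, as an added example that is not part of the original thread: the script checks, from mode bits alone, whether a given user has read/execute on a directory and search permission on every parent directory. The function names are hypothetical; `http-web` and `/opt/fpp/www` are the names from the post.

```sh
#!/bin/sh
# Added example (not from the thread). Classic mode bits only: no ACLs,
# SELinux or AppArmor. Needs GNU stat and readlink, as on Debian/Ubuntu.

# applicable_bits MODE OWNER_UID OWNER_GID UID "GID LIST"
# Prints the one octal digit of MODE that the kernel applies to UID:
# owner bits if UID owns the file, else group bits on a group match, else other.
applicable_bits() {
    m="000$1"; m=${m#"${m%???}"}          # keep the last three octal digits
    rest=${m#?}
    if [ "$4" = "$2" ]; then echo "${m%??}"; return; fi
    for gid in $5; do
        if [ "$gid" = "$3" ]; then echo "${rest%?}"; return; fi
    done
    echo "${m#??}"
}

# check_docroot USER DIR
# Requires r-x on DIR and --x on every ancestor up to /. Prints one line per
# directory. Returns 0 if all pass, 1 if any is denied, 2 if USER or a
# directory cannot be inspected (run it as root in that case).
check_docroot() {
    uid=$(id -u "$1") && gids=$(id -G "$1") || return 2
    cur=$(readlink -f -- "$2") || return 2
    need=5 rc=0
    while :; do
        st=$(stat -c '%a %u %g' "$cur") || return 2
        set -- $st                         # $1=mode $2=owner uid $3=owner gid
        bits=$(applicable_bits "$1" "$2" "$3" "$uid" "$gids")
        if [ $(( bits & need )) -eq "$need" ]; then verdict=ok
        else verdict=DENIED; rc=1; fi
        printf '%-6s mode=%-4s need=%s got=%s %s\n' "$verdict" "$1" "$need" "$bits" "$cur"
        [ "$cur" = / ] && break
        cur=$(dirname "$cur"); need=1
    done
    return "$rc"
}

# Usage with the names from the post (run as root):
#   check_docroot http-web /opt/fpp/www
```

Any line marked DENIED names a directory whose mode bits keep the run user out. A 403 that persists when every line reads ok points at something this check does not cover, such as ACLs or the server's own access configuration.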

